Ad Widget

**jhboricua** · 30-12-2024, 20:47

What provides the ntp.time key, some custom template or a user parameter?

**Rohllik28** · 31-12-2024, 11:12

Yes, my mistake, it’s not actually a native key. It was advice from unoficial source, and I didn’t think it through.

Anyway..

I’m giving up on attempts with an external NTP server; instead, I’ll use my own server where I have a Zabbix agent running. With the use of the system.localtime key, this is straightforward.

From the monitored ServerA and ServerB, which serve as NTP, I’m receiving the time into Zabbix. Now I need to create a trigger that will measure the difference between the two values. I came up with this expression, and it seems to be working well. Could someone please check it, or do you have a more elegant solution?

Code:

abs(last(/ServerA/system.localtime))
- (last(/ServerB/system.localtime))>30
or
abs(last(/ServerA/system.localtime))
- (last(/ServerB/system.localtime))<30

**jhboricua** · 31-12-2024, 18:23

Question:

Are your windows servers, even the ones without internet connectivity, domain joined? Because in that case, their time source is the DC with the PDC role, which in turn should be synchronizing with an internal/external NTP source. In that case, you should be able to use the fuzzy method.

I´m asking because It seems from your last comment that you seem to have an internal NTP server (ServerB), which could be the time source for both your PDC and domain members, but also for any other internal servers.

**Rohllik28** · 08-01-2025, 18:30

Originally posted by jhboricua

Question:

Are your windows servers, even the ones without internet connectivity, domain joined? Because in that case, their time source is the DC with the PDC role, which in turn should be synchronizing with an internal/external NTP source. In that case, you should be able to use the fuzzy method.

I´m asking because It seems from your last comment that you seem to have an internal NTP server (ServerB), which could be the time source for both your PDC and domain members, but also for any other internal servers.

They are not connected, in the domain,. ServerB is not actually an NTP server; it's a test server that currently acts as NTP and against which I'm trying to calculate the offset of the others.

To continue on this topic: I received another request, which is to measure the offset as accurately as possible - ideally to the second. On the Zabbix forum, I found only one topic addressing this, and it wasn't really resolved, so it would be great if we could resolve it here :-D.

I managed to achieve fairly accurate offset measurement between ServerA and ServerB (let's call it the NTP server) as follows:

Custom UserParameter in the Zabbix agent - calculates the number of milliseconds since midnight local time. Initially, I considered using the Linux epoch time, but in the end, milliseconds won out.
Code:
```
UserParameter=ntp.client.offset,powershell.exe -NoProfile -Command "[long](Get-Date).TimeOfDay.TotalMilliseconds"
```
Trigger - subtracts the number of milliseconds on ServerA from the number of milliseconds from the NTP server. If the result is greater than 1500ms, the trigger activates.
Code:
```
abs(last(/ServerA/ntp.client.offset) - last(/ServerB/ntp.client.offset)) > 1500
```
Item settings - This part is tricky, and I need advice and tuning on it. I had to set the update interval to 1 second and the Zabbix agent to active mode - without active mode, the difference in the last sample was always 2000ms; with active mode, it's only 1000ms. The problem is that this will generate a large amount of data, which could be solved by limiting history, e.g., to 1 day since I don't really need to store this data long-term. A bigger concern is the load on the network and Zabbix. If Zabbix receives data every second from about 70 servers, that could be a bit of a problem. Ideally, it would sample every 10 minutes, but here I run into the problem that if I start monitoring time from a new server at a moment when NTP is halfway through its interval, it will mean a 5-minute difference in the calculation, even though in reality the times on the servers might actually match.

So, is there a way to align the start of data collection so that it begins at exactly the same moment on different machines?

I'm a bit surprised that more people aren't addressing this...

**markfree** · 08-01-2025, 23:45

I think you can set a scheduled interval for your hosts.
Setting the scheduled interval to something like "s0-59" should pull data at the beginning of every second... in theory. However, this can have an unwanted outcome,, even with active checks.

The "zabbix_sender" binary should help with this. A good script should do the trick. Or you can use Zabbix API.

Code:

zabbix_sender -z [zabbix_server] -s [hostname] -k [trapper.item.key] -o [value]
Response from "[zabbix_server]:10051": "processed: 1; failed: 0; total: 1; seconds spent: 0.000107"
sent: 1; skipped: 0; total: 1

Despite all of this, you may be overlooking an actual time offset.

The round-trip delay is important in calculating the correct time offset. This is because your client and the "NTP server" machine may compute different times when pulling the "TotalMilliseconds", even if both are set to pull at the same time.
An actual NTP service computes transmission delay and the time difference.

Using a real NTP server seems like a better approach for your scenario. Then you can query the NTP client for the offset.
Windows Server can act as an NTP server, or you can install third-party applications for that.

Ad Widget

Measuring Time Difference Between Windows Servers and NTP Servers

Measuring Time Difference Between Windows Servers and NTP Servers

Comment

Comment

Comment

Comment

Comment